From 1e2bdc2b6d28c76c63fc9fd36169b90fa0994388 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Jul 2001 08:41:36 +0000 Subject: [PATCH 1/1] - Always use instead of just - Check if RAND_pseudo_bytes() exists, otherwise just use RAND_bytes() --- m4/openssl.m4 | 2 ++ src/meta.c | 8 ++------ src/net.c | 47 +++++++++++++++-------------------------------- src/protocol.c | 27 ++++++++------------------- src/tincd.c | 30 ++++-------------------------- 5 files changed, 31 insertions(+), 83 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index d9f8e163..2ef9c378 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -29,6 +29,8 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR("OpenSSL libraries not found.")] ) + AC_CHECK_FUNCS(RAND_pseudo_bytes) + AC_CHECK_FUNC(dlopen, [], AC_CHECK_LIB(dl, dlopen, diff --git a/src/meta.c b/src/meta.c index 3fadb0d4..4f51e2a5 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.18 2001/05/25 11:54:28 guus Exp $ + $Id: meta.c,v 1.1.2.19 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -32,11 +32,7 @@ /* This line must be below the rest for FreeBSD */ #include -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif +#include #include "net.h" #include "connection.h" diff --git a/src/net.c b/src/net.c index 2e84a724..309079b8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.117 2001/06/29 10:30:18 guus Exp $ + $Id: net.c,v 1.35.4.118 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" 
@@ -45,28 +45,12 @@ #include #include -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif +#include +#include +#include -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes #endif #ifdef HAVE_TUNTAP @@ -134,7 +118,7 @@ cp /* Encrypt the packet. */ - RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); + RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); @@ -344,12 +328,12 @@ cp /* Set default MAC address for ethertap devices */ mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xff; - mymac.net.mac.address.x[1] = 0xff; - mymac.net.mac.address.x[2] = 0xff; - mymac.net.mac.address.x[3] = 0xff; - mymac.net.mac.address.x[4] = 0xff; - mymac.net.mac.address.x[5] = 0xff; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_LINUX #ifdef HAVE_TUNTAP @@ -366,8 +350,7 @@ cp taptype = TAP_TYPE_TUNTAP; } #endif -#endif -#ifdef HAVE_FREEBSD +#else taptype = TAP_TYPE_TUNTAP; #endif cp @@ -1427,7 +1410,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; } diff --git a/src/protocol.c b/src/protocol.c index aab22660..ef601802 100644 --- a/src/protocol.c +++ b/src/protocol.c 
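Review bot: The `#define RAND_pseudo_bytes RAND_bytes` fallback at the end of this include block hides which generator a call site really uses, and the two functions do not share a return convention. RAND_bytes returns 0 on failure, while RAND_pseudo_bytes returns 0 when the output is merely not cryptographically strong and -1 when the RAND method does not support it, so no single check at a call site is correct for both. The identical block is added again in src/protocol.c (`@@ -40,25 +40,14 @@`). I would define it once in a shared project header with a comment such as `/* RAND_pseudo_bytes: unique but not guaranteed unpredictable; never use for key material */`.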
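Review bot: Key material should not come from RAND_pseudo_bytes, yet the `@@ -1427,7 +1410,7 @@` hunk now fills `myself->cipher_pktkey` with it, and this hunk (`@@ -134,7 +118,7 @@`) does the same for the per-packet salt. OpenSSL documents that function's output as not necessarily unpredictable and usually unsuitable for key generation, and the return value is ignored at both sites. EVP_EncryptInit here takes its IV from `cl->cipher_pktkey + key_len`, so the salt appears to be the only per-packet randomness and probably needs to stay unpredictable too. I would keep the strong generator for both and check it, e.g. `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1)` followed by logging and not calling `send_key_changed()`. Both enclosing functions begin outside their hunks.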
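Review bot: The new default MAC bytes in the `@@ -344,12 +328,12 @@` hunk are unexplained magic numbers. A first octet of 0xfe has the locally-administered bit set and the group bit clear, which is presumably why it replaces the all-ones broadcast address, but the code does not say so. A comment such as `/* fe:fd:00:00:00:00: locally administered unicast placeholder (was the broadcast address) */` above the assignments would record the intent. Whether this default is overridden per node later is not visible here, so it is worth confirming that identical MACs on every node are acceptable.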
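Review bot: In the `@@ -366,8 +350,7 @@` hunk the new `#else` pairs with `#ifdef HAVE_LINUX`, so every non-Linux build now takes `taptype = TAP_TYPE_TUNTAP`, not only FreeBSD as before. That widening is easy to miss because the nested `#ifdef HAVE_TUNTAP` block sits in between. I would annotate the branches, e.g. `#else /* !HAVE_LINUX: assume a tun/tap style device */` and `#endif /* HAVE_LINUX */`.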
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.97 2001/07/01 21:42:13 guus Exp $ + $Id: protocol.c,v 1.28.4.98 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -40,25 +40,14 @@ #include -#ifdef HAVE_OPENSSL_SHA_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif +#include +#include +#include -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes #endif - #include "conf.h" #include "net.h" #include "netutl.h" @@ -1066,7 +1055,7 @@ int send_ping(connection_t *cl) cp cl->status.pinged = 1; cl->last_ping_time = time(NULL); - RAND_bytes(salt, SALTLEN); + RAND_pseudo_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp @@ -1083,7 +1072,7 @@ int send_pong(connection_t *cl) { char salt[SALTLEN*2+1]; cp - RAND_bytes(salt, SALTLEN); + RAND_pseudo_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp diff --git a/src/tincd.c b/src/tincd.c index d9512240..b9a95722 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.47 2001/06/05 16:09:55 guus Exp $ + $Id: tincd.c,v 1.10.4.48 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -38,31 +38,9 @@ # include #endif -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include -#endif - - +#include +#include +#include #include #include -- 2.20.1
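Review bot: In send_ping (`@@ -1066,7 +1055,7 @@`) and send_pong (`@@ -1083,7 +1072,7 @@`) the result of `RAND_pseudo_bytes(salt, SALTLEN)` is ignored, so if the generator fails or is unsupported the stack buffer `salt`, declared without an initializer in the send_pong hunk, is hex-encoded as it stands. What happens to `salt` afterwards is outside both hunks, but if it is sent to the peer, uninitialized stack bytes would go on the wire. I would check the call and bail out with this file's usual error return, e.g. `if(RAND_pseudo_bytes((unsigned char *)salt, SALTLEN) < 0) return -1;`. Under the `RAND_bytes` alias a return of 0 also means failure, so the check needs to cover that case as well. The cast makes the existing `char`/`unsigned char` mismatch explicit.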